IPhone passwords 'shockingly easy' to steal from iOS users

iOS Phishing Attack Masks Itself As Apple-Style Password Request

Proof-of-concept demonstrates how easy it is to fool Apple users with a simple popup

As Krause notes, fewer than 30 lines of code can be used to make a very convincing phishing dialog. That's the case put forward by app developer Felix Krause, who has written a proof-of-concept breakdown of malicious lookalike pop-ups.

The developer explains it is incredibly easy for an iOS app maker to recreate the Apple ID password prompt.

iOS asks users for their passwords for many reasons, but the most common ones are recently installed iOS operating system updates or iOS apps that are stuck during installation.

'However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases.

He says it's possible for criminals to programme apps to run certain code only after Apple has approved it for a spot in the App Store, and that the scheme works because iOS has "trained" users to automatically enter their details without questioning a popup's legitimacy.

Zuckerberg announces $199 Oculus Go as "sweet spot" standalone headset
It appears that the mobile headset will be a similar experience to the Gear VR, allowing users to spin around but not move freely. Additionally, the headset comes with built-in spatial audio and a good ol' fashioned 3.5mm headphone jack as well.

Berenberg Bank Boosts Carnival plc (CCL) Price Target to GBX 5300
USA Financial Portformulas Corp bought a new stake in shares of Carnival Corporation during the 2nd quarter valued at $4,302,000. Investors look at the Volatility 12m to determine if a company has a low volatility percentage or not over the course of a year.

BAE Systems to axe 1915 jobs in UK
She said the cuts were the result of internal restructuring, and "not related to any United Kingdom defense spending decisions". She said: "BAE Systems is an important employer in Fife and a key player in the region's technology and engineering sector".

"This could easily be abused by any app..." That being said, it should be pointed out that this phishing method isn't exactly new and that Apple usually checks apps for this before being accepted to the App Store. So, what can you do to protect yourself now?

For example, rather than use a login popup, Apple could request iPhone users to input their username and password into the Settings section of their phone.

Even if you have two-factor authentication (2FA), what's to stop an app developer from asking for your 2FA key as well? More likely to happen is his suggestion that Apple change the design of its system prompts to include an extra icon that indicates it's an official request.

But what if that pop-up hasn't come from Apple, and has instead been created to look like an official request in an attempt by hackers to steal your credentials?

Latest News